Warning: do not use Hive Social

According to zerforschung, one of the popular twitter alternatives which gained more than a million users in the past week is reported to suffer from a number of critical vulnerabilities. The issues reported by the authors allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login. Attackers can also overwrite data such as posts owned by other users, as shown in the video from the article.

ESET’s cybersecurity expert Jake Moore commented:“With many people currently on the look out to potentially replace Twitter, they may be quick to download lots of alternatives but this could be at the detriment to their personal information. The data exposed is worryingly intrusive and damaging to users. Many people will have downloaded Hive Social on the recommendation from a friend or peer group but this is often where the due diligence stops and security and privacy remain an afterthought.

The sensitive information that could be viewed such as private posts, phone numbers and messages could have caused further social engineering attacks by obtaining more details such as financial credentials. People must be reminded to carry out research on new apps before downloading them and to limit the amount of data they lend to new applications, especially social media platforms which demand relatively personal data to function. We also need to remember not to post so much information on social media too. However mundane it may be viewed online, cybercriminals may be able to exploit it.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s